English
Related papers

Related papers: Certificate Transparency with Privacy

200 papers

The Web public key infrastructure is essential to providing secure communication on the Internet today, and certificate authorities play a crucial role in this ecosystem by issuing certificates. These authorities may misissue certificates…

Cryptography and Security · Computer Science 2022-03-04 Sarah Meiklejohn , Joe DeBlasio , Devon O'Brien , Chris Thompson , Kevin Yeo , Emily Stark

Despite increasing advancements in today's information exchange infrastructure, the preservation of user data and privacy still remains a problem. Both insecure baselines and secure solutions leak user data. For example, Certificate…

Cryptography and Security · Computer Science 2019-05-24 Vy-An Phan

In this paper, we analyze the evolution of Certificate Transparency (CT) over time and explore the implications of exposing certificate DNS names from the perspective of security and privacy. We find that certificates in CT logs have seen…

Networking and Internet Architecture · Computer Science 2018-11-12 Quirin Scheitle , Oliver Gasser , Theodor Nolte , Johanna Amann , Lexi Brent , Georg Carle , Ralph Holz , Thomas C. Schmidt , Matthias Wählisch

Browsers can detect malicious websites that are provisioned with forged or fake TLS/SSL certificates. However, they are not so good at detecting malicious websites if they are provisioned with mistakenly issued certificates or certificates…

Cryptography and Security · Computer Science 2017-07-21 Abhishek Singh , Binanda Sengupta , Sushmita Ruj

Internet security and privacy stand on the trustworthiness of public certificates signed by Certificate Authorities (CAs). However, software products do not trust the same CAs and therefore maintain different root stores, each typically…

Networking and Internet Architecture · Computer Science 2021-02-01 Nikita Korzhitskii , Niklas Carlsson

The modern Internet is highly dependent on trust communicated via certificates. However, in some cases, certificates become untrusted, and it is necessary to revoke them. In practice, the problem of secure revocation is still open.…

Cryptography and Security · Computer Science 2022-03-07 Nikita Korzhitskii , Matus Nemec , Niklas Carlsson

The level of trust accorded to certification authorities has been decreasing over the last few years as several cases of misbehavior and compromise have been observed. Log-based approaches, such as Certificate Transparency, ensure that…

Cryptography and Security · Computer Science 2016-01-06 Laurent Chuat , Pawel Szalachowski , Adrian Perrig , Ben Laurie , Eran Messeri

Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that…

Cryptography and Security · Computer Science 2018-10-30 Rasmus Dahlberg , Tobias Pulls

In conventional PKI, CAs are assumed to be fully trusted. However, in practice, CAs' absolute responsibility for providing trustworthiness caused major security and privacy issues. To prevent such issues, Google introduced the concept of…

Cryptography and Security · Computer Science 2018-10-02 Murat Yasin Kubilay , Mehmet Sabir Kiraz , Haci Ali Mantar

The security of TLS depends on trust in certificate authorities, and that trust stems from their ability to protect and control the use of a private signing key. The signing key is the key asset of a certificate authority (CA), and its…

Cryptography and Security · Computer Science 2017-10-11 Bargav Jayaraman , Hannah Li , David Evans

The Transport Layer Security (TLS) protocol and its public-key infrastructure (PKI) are widely used in the Internet to achieve secure communication. Validating domain ownership by trusted certification authorities (CAs) is a critical step…

Cryptography and Security · Computer Science 2020-03-31 Pawel Szalachowski

Certification Authority Authentication (CAA) is a safeguard against illegitimate certificate issuance. We show how shortcomings in CAA concepts and operational aspects undermine its effectiveness in preventing certificate misissuance. Our…

Cryptography and Security · Computer Science 2026-02-06 Pouyan Fotouhi Tehrani , Raphael Hiesgen , Thomas C. Schmidt , Matthias Wählisch

Phishing is a prevalent cyberattack that uses look-alike websites to deceive users into revealing sensitive information. Numerous efforts have been made by the Internet community and security organizations to detect, prevent, or train users…

Cryptography and Security · Computer Science 2025-07-15 Gaurav Varshney , Akanksha Raj , Divya Sangwan , Sharif Abuadbba , Rina Mishra , Yansong Gao

This paper systematizes log based Transparency Enhancing Technologies. Based on work on transparency from multiple disciplines we outline the purpose, usefulness, and pitfalls of transparency. We describe the mechanisms that allow log based…

Cryptography and Security · Computer Science 2023-09-19 Alexander Hicks

Many of the benefits we derive from the Internet require trust in the authenticity of HTTPS connections. Unfortunately, the public key certification ecosystem that underwrites this trust has failed us on numerous occasions. Towards an…

Cryptography and Security · Computer Science 2018-01-04 Jan-Ole Malchow , Benjamin Güldenring , Volker Roth

Automated certificate authorities (CAs) have expanded the reach of public key infrastructure on the web and for software signing. The certificates that these CAs issue attest to proof of control of some digital identity. Some of these…

Cryptography and Security · Computer Science 2023-07-18 Zachary Newman

Confidential Computing enhances privacy of data in-use through hardware-based Trusted Execution Environments (TEEs) that use attestation to verify their integrity, authenticity, and certain runtime properties, along with those of the…

Cryptography and Security · Computer Science 2024-12-09 Ceren Kocaoğullar , Tina Marjanov , Ivan Petrov , Ben Laurie , Al Cutter , Christoph Kern , Alice Hutchings , Alastair R. Beresford

Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the…

Cryptography and Security · Computer Science 2015-04-16 Marco Anisetti , Claudio A. Ardagna , Michele Bezzi , Ernesto Damiani , Antonino Sabetta

Current popular phishing prevention techniques mainly utilize reactive blocklists, which leave a ``window of opportunity'' for attackers during which victims are unprotected. One possible approach to shorten this window aims to detect…

Cryptography and Security · Computer Science 2021-06-24 Arthur Drichel , Vincent Drury , Justus von Brandt , Ulrike Meyer

Transparency is crucial in security-critical applications that rely on authoritative information, as it provides a robust mechanism for holding these authorities accountable for their actions. A number of solutions have emerged in recent…

Cryptography and Security · Computer Science 2018-08-08 Mustafa Al-Bassam , Sarah Meiklejohn
‹ Prev 1 2 3 10 Next ›